That's unlikely to work. Police forensics usually work with a drive image instead of with the device itself as much as possible to avoid damaging evidence either through allowing active measures like a dead mans switch or mishandling by investigators.
Beyond that simply removing the dive and putting it in another computer would bypass any switch except one in the drive firmware itself. Are there any software out there designed to do that?
Not feasible with iPhones, as it is not possible to access the security processor memory. At least, not without some very sophisticated attack, e.g. using some sort of differential power analysis on the chip. Very expensive.
Not sure. Last time I read about these things soldered in storage wasn't really a thing. For some things where it's still largely a separate board they could probably just desolder it and attach it to another device via pogo pins or something. For monolithic boards you could attach wires directly to the chip given enough resources.
IME could maybe be useful for this but it's hard to prevent the take the drive out and attach it to another machine without having firmware or a ME-like chip on the drive to make it wipe if it's connected to a different machine.
Yes though in this [0] teardown there's a comment at the bottom that makes it sound like there's an easy connector where the SSD CPU connection can be accessed which would probably allow non-destructive imaging without involving the CPU so no userland software could protect against imaging.
> The funny connector to nowhere is the connector to tap into the SSD. When the Apple connector is mounted (as supplied) it connects the CPU to the SSD. When removed the signals for the SSD can be accessed.
